End-to-end security in data networks

ABSTRACT

A method and apparatus for managing a data transmission in a network is provided, which has a client, a real server and a load-balancing node (virtual server). The load-balancing node includes a handshake executor for handling a security protocol to establish a handshake between a client and a server, and a communication executor for establishing a direct communication between the client and the server using a session information in respect to the established handshake. The handshake executor establishes the handshake with the client. When the handshake is established, the communication executor exports session information in respect to the established handshake. The client establishes TCP/IP connection with the server. The client and server communicate each other directly.

FIELD OF THE INVENTION

[0001] The present invention relates to end-to-end security in data networks and is particularly concerned with methods for off-loading CPU-intensive operations from an end point in a data connection.

BACKGROUND OF THE INVENTION

[0002] There are several known security protocols for use in data networks. For example Secure Sockets Layer (SSL) developed originally by Netscape (trademark) has become widely accepted in the World Wide Web for encrypted and authenticated data communications between a client and server. The Internet Engineering Task Force (IETF) standard Transport Layer Security (TLS) is based upon SSL.

[0003] The SSL/TLS protocol runs above the TCP/IP layer in the protocol stack, but below higher level application protocols such as HTTP (Hypertext Transport Protocol), IMAP (Internet Messaging Access Protocol) and so on. The SSL/TLS protocol establishes a secure connection between a client and a server, allowing optionally the client to authenticate itself to the server and the server to authenticate itself to the client and to establish a secured connection.

[0004] Like other security protocols, the SSL/TLS protocol includes a secured key exchange process. This is known as a handshake in SSL/TLS. During a handshake, a client sends a pre-master secret encrypted by the server's public key. The server is required to perform the corresponding private key decryption to retrieve the pre-master secret. Private key decryption (e.g. RSA in SSL/TLS) is extremely CPU intensive. This operation has been measured to cost more than 70% of the CPU cycles required for an entire handshake.

[0005] This problem has spurred the introduction of many SSL/TLS accelerators in the market. A proxy approach is taken where an intermediate box/switch (between a client and a server) will act as an accelerator and a virtual server. This virtual server terminates SSL/TLS and sends the corresponding data in clear to the destined server—the real server.

[0006] As data security becomes a priority, clear data in the intranet is not acceptable to industries such as the government and the financial sectors. As such, accelerator vendors address the data security requirement by securing the data connection between an accelerator and a server.

[0007] Effectively, this doubles the resource requirements at an accelerator—for each client connection, an accelerator has to decrypt and re-encrypt all payload. In addition, there are two handshakes for the connection—one between the client and the virtual server and another between the virtual server and the real server. Although some accelerators reuse the connection between the virtual server and the real server as a performance enhancement, decryption and re-encryption of the payload is still required at the virtual server.

SUMMARY OF THE INVENTION

[0008] An objective of the present invention is to provide end-to-end security with selective offload.

[0009] The present invention advantageously offloads servers for CPU intensive cryptographic call set up functions; addresses security concerns by providing end-to-end security; and load balances secured communications. Embodiments of the present invention take advantage of client ubiquity available with secure sockets layer (SSL).

[0010] Embodiments of the present invention provide for personal, policy based security level, that is, either end-to-end, end-to-virtual server or virtual server to real server. The decision on the type of security can be dynamic with the policy based on the application in question or on the client's identity from his/her certificate or cookie or any other combination.

[0011] Further flexibility proves the ability for customers to evolve their own security policy model at any time (either on a per client basis and/or on a per application basis). Consequently, embodiments of the present invention can handle either the SSL/TLS handshake only or both the SSL/TLS handshake and the SSL/TLS payload processing portions of the secure communication.

[0012] Various selective load balance schemes are possible, for example, certificate, cookie and other schemes.

BRIEF DESCRIPTION OF THE DRAWINGS

[0013] The present invention will be further understood from the following detailed description with reference to the drawings in which:

[0014]FIG. 1 illustrates in a block diagram a known load balancing arrangement in a client-server network;

[0015]FIG. 2 illustrates in a block diagram a client-server load balancing arrangement in accordance with an embodiment of the present invention; and

[0016]FIG. 3 illustrates in a block diagram a demonstration set up for the arrangement of FIG. 2.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

[0017] Referring to FIG. 1, there is illustrated in a block diagram a known load balancing arrangement in a client-server network. The client-server network 10 includes client networks 12 and 14, a server cluster 16 and a load balancing node 18.

[0018] In operation, the load balancing node 18 terminates the encrypted links from the client network 12 and 14 and connects to the server cluster 16 without encryption. In this way, the load balancing node serves two purposes it offloads SSL (both handshake and payload processing from the servers and it ensures load balancing of the servers in the server cluster 16. As long as the encryption need not be end-to-end, this arrangement works reasonably well. However, if it is a requirement to provide end-to-end encryption, that is, an encrypted path from the client to the server and back again, the load balancing node 18 is faced with the burden of acting as a client for server cluster 16, and a server for the client clusters 12 and 14. Consequently, the computational load on the load balancing node 18 is double what it would be in the arrangement of FIG. 1. For example the load balancing node 18 can be a Nortel Passport 8600 switch with Web Switch Module, Alteon Integrated Service Director—SSL accelerator.

[0019] Referring to FIG. 2, there is illustrated a client-server load balancing network in accordance with an embodiment of the present invention. The client-server network 20 includes client networks 12 and 14, a server cluster 16 and a load balancing node 22.

[0020] The load balancing node 22 in accordance with an embodiment of the present invention provides an accelerated SSL call set up process.

[0021] In operation, the load balancing node 22 handles the CPU intensive SSL handshake portion 24 of the SSL connection protocol, generates the working keys and securely exports the working keys, the TCP/IP information of the client and the SSL session information over connection 25 to the selected server 16 a. The secure connection 26 from client 12 d is then transferred to the server 16 a once the handshaking portion is completed. Details of the operation of the network of FIG. 2 are provided herein below with regard to FIG. 3.

[0022] Referring to FIG. 3 there is illustrated in a functional block diagram a demonstration set up for the embodiment of FIG. 2.

[0023] The demonstration setup of FIG. 3 is used to explain in greater detail, operation of the load balancing node 22 of FIG. 2. For consistency with FIG. 2, the same reference characters are used in FIG. 3 for the client 12 d, the load balancing node (LBN) 22 and the server 16 a.

[0024] For the demonstration, port numbers are pre-assigned, however, it should be understood that in an implementation in an actual network, port assignments would be configurable.

[0025] The following describes, in detail, a demonstration of the operating principles of the embodiments of FIG. 2, with reference to FIG. 3.

[0026] 1. The load balancing node LBN acts as a virtual server.

[0027] 1.1 It listens to an SSL port. This is selected to be 4433 in the example for incoming client SSL connections.

[0028] 1.2 When a client SSL connection is received by a virtual server (LBN 22), a Full Handshake is done between the virtual server (LBN 22) and the client 16 d. Once a full handshake is done (server's Finished message is composed and is ready for transmission), LBN 22 selects a real server based on its load balancing policy which can be policy based, cookie-based, certificate-based, usage-based, or any combinations of the above or more.

[0029] 1.3 If the load balancing scheme does not require payload inspection, LBN22 securely exports the session context, the keying material and the client's TCP/IP context to the ‘selected’ real server 16 a over its control channel (VRC) 30. This is the VIP-RIP control channel (VRC) 30. This is a secured connection for keying materials, TCP/IP information, SSL session information, etc. to enable a real server to continue a client SSL connection where the LBN has left in an SSL connection.

[0030] 1.4 If the load balancing scheme requires payload inspection then LBN 22 needs to buffer the client encrypted data and the corresponding working keys for later transmission to the to-be-selected real server. The corresponding clear (decrypted) data is then inspected to select a real server. As in 1.3, the control information is then sent to the selected real server. The client encrypted data will be sent later in 1.5 when the data connection to the selected real server is established.

[0031] 1.5 LBN 22 connects to the ssl port (12345 in the example) of the selected real server 16 a (connection 32). When data connection 32 is established between LBN 22 and the selected real server 16 a, the two connections 36 and 32 will be spliced at TCP layer and relay of client ssl traffic to the real server 16 a will begin.

[0032] 1.6 If a client (12 d) initiates another SSL connection to the virtual server (LBN 22), the virtual server (LBN 22) will splice this connection (40 for session reuse handshake & 42 for payload) directly to the real server (16 a) selected for the first connection from the same client (12 d). This provides persistence (which is a customer configurable feature) where connections from the same client are served by the same real server (within a window as defined by customer policy).

[0033] 2 The real server 16 a listens to an ssl port (12345 in the example) and a pre-configured port for control data (port 4321 in the example).

[0034] 1.1. On receiving control data from a virtual server, a real server sets up the context for the forthcoming client ssl connection. The client's TCP/IP information, the ssl session context (for session reuse) and the working keys for the forthcoming ssl connection are set up at the real server 16 a.

[0035] 1.2. When a new ssl flow is “accepted” at the ssl port (12345 in the example), the server 16 a checks if there is a context (TCP/IP, ssl session & working keys) for the new ssl flow.

[0036] 1.3. If the context is already set up, the real server 16 a uses that context to continue an ssl connection. In other words, it picks up where the virtual server has left.

[0037] 1.4. If not, the real server checks if the ssl session is in cache. If so, an ssl session reuse will be done. This reuse handshake (which is substantially less CPU intensive) is indicated by line 40.

[0038] 1.5. By setting up an ssl session context at a real server, subsequent client ssl connections (session reuse) can be spliced by LBN 22 to the previously selected real server (line 40 for session reuse handshake & line 42 for payload). LBN 22 is not involved in any handshake nor ssl processing for lines 40 and 42.

[0039] 1.6. If the context is not set up and the ssl session is not in cache, then the real server 16 a will perform a full handshake as per customer's policy. 

What is claimed is:
 1. A method for managing a data transmission in a network, the network having a client, a load balancing node (a virtual server) and a real server, the method comprising the steps of: handling a security protocol to establish a key exchange (handshake) between the client and the virtual server (representing the real server); and exporting the contextual and keying information of the client connection to the real server to extend the logical end point of the client connection from the virtual server to the real server; and splicing the client connection and the real server connection after context set up; and establishing a direct communication between the client and the real server where server selection is already made at the virtual server and where context is already established at the real server.
 2. The method of claim 1 wherein the handling step includes a step of establishing the handshake between the load balancing node (virtual server) and the client.
 3. The method of claim 2 wherein the establishing step includes a step of exporting to the real server the session information related the established handshake.
 4. The method of claim 3 wherein the exporting step exports working keys to the real server.
 5. The method of claim 3 wherein the exporting step exports a session context to the server.
 6. The method of claim 3 wherein the exporting step exports a TCP/IP context of the client to the real server.
 7. The method of claim 1 wherein the handling step includes a step of parsing a certificate of the client to select the server among a server cluster.
 8. The method of claim 7 wherein the handling step further includes a step of connecting to the server based on the certificate.
 9. The method of claim 1 wherein the handling step includes a step of decrypting an information from the client to select the server.
 10. The method of claim 9 wherein the handling step further includes a step of connecting to the server based on the decrypted information.
 11. A method for managing a data transmission in a network, the network having a client, a server and a load balancing node, the method comprising the steps of: (1) handling a security protocol to establish a handshake between the client and the server via the load balancing node; (2) exporting from the load balancing node to the server a session information in respect to the established handshake; and (3) establishing a TCP/IP connection between the server and the client.
 12. The method of claim 11 further comprising a step of forwarding an encrypted data from the client to the server.
 13. A load balancing node for managing a data transmission in a network, the network having a client and a server, the load balancing node comprising: a handshake executor for handling a security protocol to establish a handshake between a client and a server; a communication executor for establishing a direct communication between the client and the server using a session information in respect to the established handshake.
 14. The load balancing node of claim 13 wherein the handshake executor establishes the handshake between the load balancing node and the client.
 15. The load balancing node of claim 14 wherein the communication executors exports the session information related the established handshake to the server.
 16. The load balancing node of claim 15 wherein the communication executors exports a key to the server.
 17. The load balancing node of claim 15 wherein the communication executors exports a session context to the server.
 18. The load balancing node of claim 15 wherein the communication executors exports a TCP/IP context of the client to the server.
 19. The load balancing node of claim 13 wherein the handshake executor includes mean for parsing a certificate of the client to select the server among a server cluster.
 20. The load balancing node of claim 19 wherein the handshake executor includes mean for connecting to the server based on the certificate.
 21. The load balancing node of claim 13 wherein the handshake executor includes means for decrypting information from the client to select the server.
 22. The load balancing node of claim 21 wherein the handshake executor includes means for connecting to the server based on the decrypted information. 